Have you ever wondered what to look for in a security awareness training program? Recently, our CEO Larry Cates was interviewed by Info Security Products Guide as part of its executive interviews, and he discussed this topic with Rake Narang from the ISPG team.
Here are my three favorite points on what to look for in a Security Awareness Training Program:
- Learning is not a one-time event, and therefore you need to provide continuous learning in order to actively engage your audience. Your program should consider options that provide multiple touchpoints in your campaign: general awareness courses, role-based courses, topical videos, security newsletters, themed posters, email campaigns and more.
- Leaving out relevant, scenario-based training that engages the user is a critical misstep when trying to run an effective program.
- Specific course topics should focus on individual responsibility and include: phishing, mobile security, passwords, identity theft, social engineering, portable devices, data security, network security and physical security.